General

  • Target

    Trojan.Bonzify.zip

  • Size

    5.5MB

  • Sample

    240817-g38rwa1fkc

  • MD5

    2d3efe29a44d0ea6fa3697c135030e1a

  • SHA1

    65d49e73ff1c432e9d95b009298f347de5ed828e

  • SHA256

    4ca5ce97898d7770d1364e8b9006bef56383f5886b98888dedc7876283e9044a

  • SHA512

    1180026727462504c426a0892f3561a5cc75a3d24cf84aca4dcf51f55c0d0245324ed0268a9e961b36acbad124fdfa65944146a5cd098d9c16efbabdb8cd2c4b

  • SSDEEP

    98304:Kuv8hvcPgHmweG9abSwvQCFNeczP73i8muv2jO9mLnHJ9Bo3JHWXpQNLHE+nJ:Ky7Oe2aWcecr7F0O8LnpvsHSSk0J

Malware Config

Targets

    • Target

      Bonzify.exe

    • Size

      6.4MB

    • MD5

      fba93d8d029e85e0cde3759b7903cee2

    • SHA1

      525b1aa549188f4565c75ab69e51f927204ca384

    • SHA256

      66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764

    • SHA512

      7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

    • SSDEEP

      196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: AppInit DLLs

      Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks